Category Archives: Fraud Prevention

Be careful. There might be a “visher” on the line

Posted on by

“Vishing” may sound familiar, but unless you’re a fraud investigator, you probably haven’t encountered it. Unfortunately, that could change … soon. To foil a scam that increasingly takes advantage of remote workers, learn what vishing is and how your business can prevent it from infiltrating your network.

Clarifying terms

Vishing isn’t the same as “phishing.” The latter is a type of social engineering fraud that involves email or text messages designed to trick someone into revealing sensitive personal information. Or it may target employees to gain access to worker and customer data, as well as intellectual property.

Voice vhishing (or vishing) scams, on the other hand, involve phones — rather than email or text messages. Vishing schemes often are more aggressive, elaborate and personalized than traditional phishing scams. Therefore, they can be harder to detect.

A look behind the scam

Vishing scams attacking businesses have grown as more employees have started working from home. Typically, fraudsters begin by researching employees online. Armed with such information as an employee’s name, position and duration of employment, the perpetrator poses as a member of the employer’s IT department, claiming he or she needs to install security updates on the employee’s laptop.

Believing they’re giving remote access to a coworker, victims enter their login information into a virtual private network (VPN) set up by the perpetrator. This includes any two-factor authentication or one-time passwords. It’s an honest mistake by the employee that gives the visher real-time access to the company’s actual VPN — and its proprietary information.

Turn a weakness into a strength

Most vishing schemes exploit VPN weaknesses. So if your remote workers access your network through a VPN, be sure to:

  • Restrict VPN connections to managed devices only,
  • Limit VPN access hours, if possible, to mitigate after-hours access,
  • Use domain monitoring to track changes to the company’s domains,
  • Actively scan and monitor Web applications for unauthorized access and modification, and
  • Employ the principle of least privilege (which restricts access to only those privileges needed to perform essential job functions).

Consider implementing a formalized authentication process for employee-to-employee phone communications. For example, you might require a second factor to authenticate the phone call before discussing sensitive information.

Training your employees 

Knowledgeable employees can also help you identify suspicious activity. So be sure to add vishing to your fraud training handbook. Contact us for help if you suspect fraud has attacked your business.

© 2021 Covenant CPA

Small businesses, big fraud risks

Posted on by

It’s not always easy being small. For one thing, small businesses (with fewer than 100 employees) experience higher occupational fraud losses: a median $150,000 vs. $140,000 for larger companies, according to the Association of Certified Fraud Examiners. That’s because they don’t always have the staffing or financial resources to implement fraud-prevention programs. Small businesses are also much more likely to fall victim to certain types of fraud — including check tampering and payroll schemes.

Ask your advisor

Private companies aren’t required to have annual audits, but your small business can still work with your CPA to determine where you might be at risk. He or she can train you to recognize the warning signs and help you reduce opportunities for fraud by, for example, segregating duties in your accounting department.

Periodically ask your CPA to review your receipts and disbursements with an eye toward uncovering irregularities. And if you have inventory that could tempt thieves, ask your advisor to verify inventory counts and observe inventory procedures for potential loopholes.

Don’t fall short

One area where many small businesses fall short is in conducting background checks on potential employees. Check all work references and consider running criminal background checks. Workers with a history of occupational theft often seek jobs with small businesses because they think pre-employment screening likely will be minimal.

Even if you don’t have a large enough staff to implement strict segregation of duties, you can still establish oversight procedures that allow you to understand and verify financial information. This might mean reviewing bank statements before they go to your bookkeeper and reconciling them yourself every month. Also set a dollar limit on the checks that employees can write without authorization to protect against check alteration.

Finally, don’t overlook the value of treating employees fairly. Many employees rationalize fraudulent activities because they feel underpaid or underappreciated. Make sure your pay scale is competitive by comparing it with prevailing wages in your area. And take employee complaints — particularly if they’re about possible illicit activities — seriously.

Give employees a voice

One of the best ways to provide employees with a voice and catch fraud before it leads to major losses is an anonymous reporting mechanism — such as a hotline or web portal. We can suggest affordable reporting solutions and help you establish an effective anti-fraud plan.

© 2021 Covenant CPA

Keep fraud out of your law firm

Posted on by

As counterintuitive as it may seem, law firms aren’t immune to criminal activity. Because some firms place enormous pressure on attorneys to produce billable work, they may be particularly vulnerable to fraud. Your firm needs to know what to look for and how to protect itself from potential schemes perpetrated by partners, associates and support staff.

Hold everyone to high standards

A firm’s accounting department — payroll and accounts payable and receivable — is where fraud often occurs. But even trusted partners should adhere to your firm’s internal controls and fraud-prevention processes.

All prospective employees, regardless of level, need to complete an employment application with written authorization permitting your firm to verify information provided. Then, call references and conduct background checks (or hire a service to do it). These checks search criminal and court records, pull applicants’ credit reports and driving records, and verify their Social Security numbers.

Protect with oversight

The design of financial documents can help protect your firm’s financial transactions from fraud. For example, use prenumbered payment vouchers that a designated partner must approve. This is effective because the designated partner knows what the transactions are and how they pertain to your firm’s clients.

A designated partner should also open all bank statements. Even if the partner doesn’t review every item individually, employees will get the message that transactions will be verified. Someone outside your firm’s accounting department, such as your CPA, might review transactions as they’re processed and financial statements at the close of accounting cycle reconciliations.

To prevent fraudsters from manipulating financial records, ensure that accounting and billing systems are accessible only to those partners, managers and accounting staffers who need to use them. Change difficult passwords frequently and keep your firm’s cybersecurity software current.

Special risks

Some smaller firms assign the same person to open mail, make bank deposits, record book entries and reconcile monthly bank statements. In this environment, fraud is not only possible — it’s likely. It’s critical that your firm distribute these tasks to two or more people. If this is impossible, consider outsourcing at least some accounting functions.

Firms of all size — and, in fact, professional service firms in general — need to be especially wary of expense report fraud. A manager should review all expense submissions before they go to accounting for payment. Require backup documentation and an explanation of how expenses relate to client or firm business.

Ethical culture

In the collegial environment of the typical law firm, partners and employees are more likely to be influenced by their peers. Make sure you’ve built a highly ethical culture in which everyone works to deter fraud and is committed to reporting behavior that violates policies. Contact us for help developing effective internal controls or if you suspect fraudulent activity in your firm. 

© 2021 Covenant CPA

The interview before the fraud interview

Posted on by

When Anna, the CEO of a small manufacturing company, received an anonymous report about fraud in the accounting department, she wasn’t sure how to act. After all, the complaint could be accurate, but there was also a chance that it wasn’t. She called her company’s attorney, who recommended a forensic accountant to investigate. He also suggested that she perform some preliminary interviews to gather facts — but to be careful not to interrogate employees.

If you’re in a position similar to Anna’s, here’s how to conduct interviews before a fraud expert comes on the case. 

Investigation prep

In advance of requesting any interviews, decide what information you’re looking for. Knowing what you want helps you get to the truth of the matter quickly and avoid getting sidetracked by extraneous information. Then, identify who’s best able to supply that information.

Say, for example, you suspect an accounts receivable employee of siphoning money. You may want to talk to that person’s supervisor and a member of your IT department to get information on work habits, unusual behavior or signs of file tampering. Remember, though, that people may be reluctant to share information if they feel it reflects poorly on them or if it might land someone else in hot water.

Restraint is critical

When you sit down for an interview, set the tone with some introductory questions and ask the interviewee to agree to cooperate. In most cases, you’ll be looking for information that helps prove or disprove your suspicions, and the interview will be fact-finding in nature. It should last long enough for you to obtain all the information the subject has to offer. But don’t prolong sessions unnecessarily.

Aim for an informal, relaxed conversation and be sure to remain professional, calm and nonthreatening. Don’t interrupt unnecessarily, suggest that you have preconceived ideas about who did what, or assert your authority unnecessarily. If you suspect someone is withholding information, try asking more detailed questions. And if someone says something you believe is untrue, ask for clarification. You might suggest that your question was misunderstood or that the employee didn’t give it enough thought before answering.

Finally, never make threats or promises to encourage an employee to change a statement or confess. If the case ends up in court, such tactics could make the evidence you collect inadmissible. If someone persists in lying, ask them to put their statement in writing and sign it. Then turn the statement — and your suspicions — over to fraud experts.  

Give it to the experts

If you decide there’s evidence that fraud has occurred, engage a forensic accountant to investigate further. This expert will interview potential suspects and witnesses to get to the bottom of the matter while gathering critical evidence of a crime. Contact us for help and more information.

© 2021 Covenant CPA

When divorcing business owners minimize profits

Posted on by

Dividing a marital estate is rarely easy. But it’s made much harder if a divorcing spouse owns a private business and attempts to artificially deflate its profits or hide assets. If you or your attorney suspects this type of deception, engage a forensic accountant to investigate.

Key questions

When working on divorce cases, fraud experts ask several questions about private business interests. For example, does a spouse own a cash business that may have unreported income? Does the owner receive special (or excessive) perks or tax write-offs that affect the business’s profitability? Are numbers intentionally reported incorrectly to affect the business’s value?

n addition, experts investigate whether the company has any subsidiaries or is part of any other business ventures. Sometimes, a business owner may be a silent partner in an entity where ownership isn’t obvious.

Readily transferable.

Anomalies in a business’s income statements may reveal possible deception, particularly:

  • Excessive write-offs,
  • Withheld revenue deposits,
  • A large one-time expense, or
  • A decrease in revenue with no related decrease in variable expenses.

Sudden changes that occur when a spouse is contemplating divorce may suggest unreported income or overstated expenses. However, these changes could also be due to external forces, such as the loss of a major salesperson or adverse market conditions.

When evaluating expenses, experts often focus on the amounts paid to owners and other related parties. These may include payments for compensation, benefits, rent, management fees, and company vehicles and other perks. The owner-spouse also might try to flush personal expenses through the business.  

Balance sheet secrets

Balance sheets may reveal whether an owner is trying to hide assets (for example, in an offshore account) or transfer them to a related party for less than market value. Inventory is particularly susceptible to manipulation. Although notes payable to shareholders can be legitimate transactions, they also may be used to conceal income being distributed to an owner.

Experts review the equity section for any changes in the business’s ownership after the parties filed for divorce. They also search for suspicious withdrawals or distributions from capital accounts. Controlling owners may sometimes attempt to transfer ownership of business interests to close friends or associates to deprive their spouses of portions of the assets or portions of the business income.

Distorted value

Although divorce can give rise to angry actions, most business owners would never stoop to falsifying financial records simply to deprive their ex-spouses of a fair division of marital assets. But if the value of a business seems distorted, contact us for help identifying the causes and to suggest reasonable adjustments.

© 2021 Covenant CPA

The ugly side of the precious metals and stones industry

Posted on by

All that glitters isn’t gold. This includes gold — and other precious metals, stones and jewels that are sometimes used to launder the “dirty” proceeds of criminal activities such as drug trafficking and terrorism. But several U.S. laws and regulations target these international money-laundering operations.

Good as gold

Precious metals, stones and jewels make ideal vehicles for money laundering for several reasons:

Ownership and control. Precious metals are bearer instruments, meaning that like cash, the individual in possession of the precious metal owns and controls it.

Readily transferable. There’s an active, global market that enables criminals to trade them. Because precious metals have many legitimate uses, criminals often can move them without attracting attention.

Relatively stable. Although the price of precious metals fluctuates like those of any commodity, the value of precious metals tends to remain reasonably steady.

Easy to smuggle. Money launderers may use private jets to bypass major airports and cross international lines. Diamonds and other precious stones are small enough to smuggle in someone’s pocket.

Difficult to track. Criminals can manipulate these goods to disguise their source or create a fake document trail to prove their authenticity.  

Defining the dealers

Most precious metals dealers must comply with the U.S. Bank Secrecy Act, which requires that they create and follow an anti-money laundering (AML) program. Certain AML provisions of the U.S. Patriot Act and rules of the Office of Foreign Assets Control also apply to precious metal dealers.

The Financial Crimes Enforcement Network (FinCEN) defines a dealer as someone who isn’t a retailer and who both buys and sells covered goods (as described by FinCEN). A dealer must have bought at least $50,000 and sold at least $50,000 of goods in the previous year. Note that there are exceptions. For example, pawnbrokers generally aren’t considered dealers, but in some circumstances they can be. If you’re not sure about your business, talk with an attorney with AML experience.

AML program

But if you do qualify as a dealer, your AML program must have the following:

  • Written policies, procedures and a robust set of internal controls,
  • A designated compliance officer,
  • Training for employees, and
  • Frequent third-party testing.

Other businesses also should be aware of potential criminal activity. For example, if your company is involved in a transaction involving gold coins, be sure to assess the dealer’s compliance efforts.

Contact us for more information, particularly if you aren’t a precious metals dealer but are contemplating a transaction that involves precious metals or stones. 

© 2021 Covenant CPA

Deepfakes: The newest frontier in fraud

Posted on by

Fraud perpetrators are constantly altering their methods to evade detection. Nimble cybercriminals, for example, are why IT security companies update their software so frequently. The use of deepfakes (a word derived from “deep learning” and “fake”) is one of the latest threats to emerge. Deepfakes are enabled by artificial intelligence (AI) and they’re something your company needs to have on its radar because if you haven’t seen a deepfake yet, you will.

Spotting an imposter

A deepfake involves the use of AI to create video, audio or static images that seem real. You may have seen them in viral videos of famous people, such as one in which Facebook’s Mark Zuckerberg is shown saying he has “total control of billions of people’s stolen data.” As realistic as it looked and sounded, the video depicted something that never happened.

Aside from manipulating public opinion and generating outrage, deepfakes can be used to steal. Employing an expertly altered audio file, someone can trick a bank’s voice authentication tools to grant access to funds. Or a deepfake using audio and video files could convince a company to open a customer account to buy goods on credit. In such cases, the nonpaying customers are untraceable.

Proving what’s real

Since deepfakes use emerging technology, detecting them can be challenging. But depending on a deepfake’s format, some third-party detection solutions are available.

Software designed to detect video deepfakes can use a “liveness” detector, which analyzes a person’s face for natural movements. Computers also can analyze images at the pixel level for manipulation. Deepfake audio software is capable of discerning almost-imperceptible sounds that aren’t human generated.

Keeping current

You can protect your business from deepfake-related fraud by updating your current internal controls. For example, if your company operates a call center, make sure you have procedures that prevent audio deepfakes from gaining unauthorized account access. In addition, keep current on deepfake developments. You might, for example, establish a Google Alert to provide you with articles relevant to your industry and particular vulnerabilities.

Contact us for more information about emerging fraud schemes and for help updating your internal controls.

© 2021 Covenant CPA

Fraud still matters when making business acquisitions

Posted on by

The COVID-19 pandemic has often made the due diligence process for business acquisitions more complex and time-consuming. But if you’re buying a company, it’s critical to dedicate your full attention to this part of the M&A process — not only to confirm that the selling business is as valuable as you believe it to be, but to protect against fraud. Plan early to engage a fraud expert to review financial statements and other documents for signs that you could be dealing with a dishonest seller.

Subtle warning signs

When reviewing a seller’s financial statements, forensic experts look for subtle warning signs of fraud. These include excess inventory, a large number of write-offs, an unusually high number of voided discounts for returns, insufficient documentation of sales and increased purchases from new vendors. Another suspicious sign is increased accounts payable and receivable combined with dropping or stagnant revenues and income.

Fishy revenue, cash flow and expense numbers and unreasonable-seeming growth projections warrant further investigation to determine whether financial statements represent fraud or they’re evidence of unintentional errors or mismanagement. The latter is common in smaller companies that don’t have their statements audited by outside experts or that may not have adequate internal financial expertise.

Systematic manipulation

To determine whether unusual income numbers indicate systematic manipulation, experts often consider whether owners or executives had the opportunity to commit fraud. A lack of solid internal controls makes financial statement fraud more likely. Regulatory disapproval, customer complaints and suspicious supplier relationships can also raise red flags. If warranted, a forensic expert may perform background checks on your target company’s principals.

It’s important to note that some accounting practices adopted to present a business in the best light may be perfectly legal. However, if your expert finds evidence of intentional fraud — particularly at the executive level — you’ll probably want to rescind your acquisition offer. In less serious cases, you may simply need to make purchase price adjustments or even change the deal’s structure.

Negotiating protection

An indemnification clause written into the purchase agreement can protect you if a seller lies about matters that affect your acquisition, such as fraud. But negotiating these clauses can be tricky since sellers tend to push for a narrow definition of “fraud” and for limits on liability. The fact remains that if a seller has committed fraud, it’s better to uncover it before the M&A transaction goes through.

Contact us with your questions about M&A fraud and for help evaluating your potential business acquisition.

© 2021 Covenant CPA

Making an estate plan? How to avoid fraudulent transfers

Posted on by

If you have an estate plan and also have creditors, you could be a fraud perpetrator — without knowing it or intending to defraud anyone. In some circumstances, creditors can challenge gifts, trusts and other strategies for leaving assets to heirs as fraudulent transfers. Here’s how to keep your estate plan from running into trouble.

2 types

Most states have adopted the Uniform Fraudulent Transfer Act (UFTA). The law allows creditors to challenge transfers involving two types of fraud:

  1. Actual fraud. This means making a transfer or incurring an obligation “with actual intent to hinder, delay or defraud any creditor,” including current creditors and probable future creditors.
  2. Constructive fraud. This is a more significant threat for most people because it doesn’t involve intent to defraud. Under UFTA, a transfer or obligation is constructively fraudulent if you made it without receiving a reasonably equivalent value in exchange for the transfer or obligation and you either were insolvent at the time or became insolvent as a result of the transfer or obligation.

“Insolvent” means that the sum of your debts is greater than all of your assets, at a fair valuation. You’re presumed to be insolvent if you’re not paying debts as they become due. Generally, constructive fraud rules protect only present creditors or those whose claims arose before the transfer was made or obligation incurred.

Know your net worth

When it comes to actual fraud, you may not be safe just because you weren’t purposefully trying to defraud creditors. A court can’t read your mind, and it will consider the surrounding facts and circumstances to determine whether a transfer involves fraudulent intent. So before you make gifts or place assets in a trust, consider how a court might view the transfer.

Constructive fraud is a greater risk because of how insolvency is defined and gifts are made. When you make a gift, either outright or in trust, you don’t receive reasonably equivalent value in exchange. If you’re insolvent at the time, or the gift you make renders you insolvent, you’ve made a constructively fraudulent transfer. This means a creditor could potentially undo the transfer.

To avoid this risk, calculate your net worth carefully before making substantial gifts. Even if you’re not having trouble paying your debts, it’s possible you might meet the technical definition of insolvency. Also keep in mind that fraudulent transfer laws vary from state to state. Therefore, you should consult an attorney about the law where you live.

Build a better plan

Besides knowing the law, you can protect your estate plan in several ways. Work with a professional estate planner and be sure to reveal everything about your financial situation that might be relevant to building a creditor-resistant plan. Also manage any debts by working with creditors to negotiate reasonable repayment plans. We can help if you’re still having trouble balancing your budget or managing your assets.

© 2021 Covenant CPA

Put employees to work fighting fraud

Posted on by

You may have the best internal controls in the business world, but if your employees don’t follow them, your company is at serious risk for fraud. The same is true if workers aren’t aware of your company’s risks and can’t recognize red flags. The solution? Educate them.

Training is critical

A forensic accountant can conduct on-site, broad-based training for employees in the form of live or virtual presentations. This expert might use role-playing to help staff understand the various forms fraud can take, as well as how perpetrators think and identify their victims’ vulnerabilities and weaknesses.

Enlisting the help of external experts is particularly important for smaller businesses. Not only are they more vulnerable to fraud, but they’re less likely to have in-house fraud expertise. Small-business training can focus on the most common schemes for companies with fewer than 100 employees, such as billing fraud and check-tampering schemes.

Threats that require employee attention

In general, your company’s specific needs should dictate the content of your training program. But most businesses need to spread the word about certain threats. For instance, employees should be trained to observe coworkers who appear to be living beyond their means or who might have addiction issues. Both increase the likelihood that an employee will attempt to commit fraud. If these workers have easy access to payroll or other accounting functions, the risk increases. Provide stakeholders with a confidential fraud reporting hotline or web portal to report their suspicious.

Cybercrime is another risk every employee needs to know about. Phishing, social engineering and other techniques are designed to trick them into revealing company, customer and other confidential data or providing access to your business’s network. Workers need to learn how to keep information safe by handling email carefully, changing passwords often and updating security software as soon as required.

Optional training

Depending on your industry, you might want to train employees to spot other risks. Construction and manufacturing businesses, where on-the-job injury rates are high, should prioritize workers compensation fraud training. Retailers and other cash-dependent businesses need to educate workers about potential skimming schemes.

Also train employees to mitigate risks related to specific responsibilities. For example, those who authorize charitable donations should be taught to verify charities with the IRS to ensure they’re legitimate and tax-exempt. Hiring managers and HR employees — as well as those who vet potential vendors — must follow background check procedures.

Empower fraud watchdogs 

Rank-and-file employees usually are the first ones to spot fraud perpetrated by coworkers or managers. So give them the tools they need to succeed in their role as fraud watchdogs. Contact us for help with fraud training.

© 2021 Covenant CPA